Cleartext Protocol Usage Via Netflow

calendar Jan 29, 2024 · attack.credential_access  ·
Share on: linkedin copy

Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels Ensure that an encryption is used for all sensitive information in transit. Ensure that an encrypted channels is used for all administrative account access.

Sigma rule (View on GitHub)

 1title: Cleartext Protocol Usage Via Netflow
 2id: 7e4bfe58-4a47-4709-828d-d86c78b7cc1f
 3status: stable
 4description: |
 5  Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels
 6  Ensure that an encryption is used for all sensitive information in transit.
 7  Ensure that an encrypted channels is used for all administrative account access.  
 8references:
 9    - https://www.cisecurity.org/controls/cis-controls-list/
10    - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
11    - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
12author: Alexandr Yampolskyi, SOC Prime
13date: 2019/03/26
14modified: 2022/11/18
15tags:
16    - attack.credential_access
17    # - CSC4
18    # - CSC4.5
19    # - CSC14
20    # - CSC14.4
21    # - CSC16
22    # - CSC16.5
23    # - NIST CSF 1.1 PR.AT-2
24    # - NIST CSF 1.1 PR.MA-2
25    # - NIST CSF 1.1 PR.PT-3
26    # - NIST CSF 1.1 PR.AC-1
27    # - NIST CSF 1.1 PR.AC-4
28    # - NIST CSF 1.1 PR.AC-5
29    # - NIST CSF 1.1 PR.AC-6
30    # - NIST CSF 1.1 PR.AC-7
31    # - NIST CSF 1.1 PR.DS-1
32    # - NIST CSF 1.1 PR.DS-2
33    # - ISO 27002-2013 A.9.2.1
34    # - ISO 27002-2013 A.9.2.2
35    # - ISO 27002-2013 A.9.2.3
36    # - ISO 27002-2013 A.9.2.4
37    # - ISO 27002-2013 A.9.2.5
38    # - ISO 27002-2013 A.9.2.6
39    # - ISO 27002-2013 A.9.3.1
40    # - ISO 27002-2013 A.9.4.1
41    # - ISO 27002-2013 A.9.4.2
42    # - ISO 27002-2013 A.9.4.3
43    # - ISO 27002-2013 A.9.4.4
44    # - ISO 27002-2013 A.8.3.1
45    # - ISO 27002-2013 A.9.1.1
46    # - ISO 27002-2013 A.10.1.1
47    # - PCI DSS 3.2 2.1
48    # - PCI DSS 3.2 8.1
49    # - PCI DSS 3.2 8.2
50    # - PCI DSS 3.2 8.3
51    # - PCI DSS 3.2 8.7
52    # - PCI DSS 3.2 8.8
53    # - PCI DSS 3.2 1.3
54    # - PCI DSS 3.2 1.4
55    # - PCI DSS 3.2 4.3
56    # - PCI DSS 3.2 7.1
57    # - PCI DSS 3.2 7.2
58    # - PCI DSS 3.2 7.3
59logsource:
60    service: netflow
61detection:
62    selection:
63        destination.port:
64            - 8080
65            - 21
66            - 80
67            - 23
68            - 50000
69            - 1521
70            - 27017
71            - 1433
72            - 11211
73            - 3306
74            - 15672
75            - 5900
76            - 5901
77            - 5902
78            - 5903
79            - 5904
80    condition: selection
81falsepositives:
82    - Unknown
83level: low

References

  • The 18 CIS Controls

    The 18 CIS Controls version 8 combines and consolidates the CIS Controls by activities, rather than by who manages the devices.


    Read More

  • Document Library

    A global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments.


    Read More

  • %PDF-1.6 %âãÏÓ 3102 0 obj endobj 3108 0 obj /Filter/FlateDecode/ID[ ]/Index[3102 17]/Info 3101 0 R/Length 51/Prev 1061976/Root 3103 0 R/Size 3119/Type/XRef/W[1 2 1]>>stream hÞbbd``b`~$÷‚;÷9ˆ(...


    Read More

Related rules

to-top